159.138.152.49

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Hong Kong

运营商(isp): Huawei International Pte Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	badbot	2019-11-27 06:30:59

相同子网IP讨论:

IP	类型	评论内容	时间
159.138.152.247	attack	Automatic report - Banned IP Access	2020-01-29 13:12:47
159.138.152.36	attack	badbot	2020-01-15 09:21:29
159.138.152.163	attackspam	badbot	2020-01-15 06:48:55
159.138.152.85	attack	badbot	2020-01-15 06:44:44
159.138.152.14	attackbotsspam	badbot	2019-12-23 02:57:31
159.138.152.98	attack	badbot	2019-11-25 07:02:35
159.138.152.234	attackspam	/download/file.php?id=219&sid=92d3ffe10bd9005a31f4db93a21c1445	2019-10-20 20:12:25

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.138.152.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55084
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.138.152.49.			IN	A

;; AUTHORITY SECTION:
.			192	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112602 1800 900 604800 86400

;; Query time: 488 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Nov 27 06:30:56 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

49.152.138.159.in-addr.arpa domain name pointer ecs-159-138-152-49.compute.hwclouds-dns.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
49.152.138.159.in-addr.arpa	name = ecs-159-138-152-49.compute.hwclouds-dns.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
51.83.69.99	attackbots	51.83.69.99 - - [27/Nov/2019:02:24:52 +0400] "POST /GponForm/diag_Form?style/ HTTP/1.1" 502 157 "-" "curl/7.3.2" ...	2019-11-27 06:48:48
222.186.175.140	attack	Unauthorized access to SSH at 26/Nov/2019:22:38:15 +0000. Received: (SSH-2.0-PuTTY)	2019-11-27 06:39:46
104.236.94.202	attack	'Fail2Ban'	2019-11-27 06:44:09
34.83.184.206	attackspambots	Nov 26 18:10:32 vps647732 sshd[12801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.83.184.206 Nov 26 18:10:34 vps647732 sshd[12801]: Failed password for invalid user jamjim from 34.83.184.206 port 47126 ssh2 ...	2019-11-27 06:54:02
188.166.232.14	attackspambots	Nov 26 22:57:30 venus sshd\[29504\]: Invalid user qingyuan from 188.166.232.14 port 37192 Nov 26 22:57:30 venus sshd\[29504\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.232.14 Nov 26 22:57:32 venus sshd\[29504\]: Failed password for invalid user qingyuan from 188.166.232.14 port 37192 ssh2 ...	2019-11-27 07:00:08
218.92.0.133	attack	pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.133 user=root Failed password for root from 218.92.0.133 port 36930 ssh2 Failed password for root from 218.92.0.133 port 36930 ssh2 Failed password for root from 218.92.0.133 port 36930 ssh2 Failed password for root from 218.92.0.133 port 36930 ssh2	2019-11-27 07:18:34
167.114.43.87	attack	Looking for resource vulnerabilities	2019-11-27 06:45:27
114.5.12.186	attack	ssh failed login	2019-11-27 06:51:37
192.144.142.72	attack	$f2bV_matches	2019-11-27 06:44:56
218.92.0.139	attackbotsspam	Nov 27 00:16:35 vps666546 sshd\[7605\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.139 user=root Nov 27 00:16:37 vps666546 sshd\[7605\]: Failed password for root from 218.92.0.139 port 19831 ssh2 Nov 27 00:16:40 vps666546 sshd\[7605\]: Failed password for root from 218.92.0.139 port 19831 ssh2 Nov 27 00:16:43 vps666546 sshd\[7605\]: Failed password for root from 218.92.0.139 port 19831 ssh2 Nov 27 00:16:47 vps666546 sshd\[7605\]: Failed password for root from 218.92.0.139 port 19831 ssh2 ...	2019-11-27 07:19:38
178.128.112.98	attack	2019-11-26T22:57:17.930678abusebot-5.cloudsearch.cf sshd\[7101\]: Invalid user robert from 178.128.112.98 port 59542	2019-11-27 07:10:29
106.12.98.7	attackspam	Nov 26 18:27:12 sd-53420 sshd\[12255\]: Invalid user impal from 106.12.98.7 Nov 26 18:27:12 sd-53420 sshd\[12255\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.98.7 Nov 26 18:27:13 sd-53420 sshd\[12255\]: Failed password for invalid user impal from 106.12.98.7 port 48504 ssh2 Nov 26 18:34:31 sd-53420 sshd\[13760\]: User root from 106.12.98.7 not allowed because none of user's groups are listed in AllowGroups Nov 26 18:34:31 sd-53420 sshd\[13760\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.98.7 user=root ...	2019-11-27 06:43:56
221.237.216.235	attack	Unauthorised access (Nov 27) SRC=221.237.216.235 LEN=52 TTL=116 ID=13794 DF TCP DPT=1433 WINDOW=8192 SYN Unauthorised access (Nov 26) SRC=221.237.216.235 LEN=52 TTL=116 ID=11244 DF TCP DPT=3389 WINDOW=8192 SYN Unauthorised access (Nov 26) SRC=221.237.216.235 LEN=52 TTL=116 ID=19678 DF TCP DPT=3389 WINDOW=8192 SYN Unauthorised access (Nov 26) SRC=221.237.216.235 LEN=52 TTL=116 ID=4244 DF TCP DPT=1433 WINDOW=8192 SYN Unauthorised access (Nov 26) SRC=221.237.216.235 LEN=52 TTL=116 ID=11985 DF TCP DPT=1433 WINDOW=8192 SYN Unauthorised access (Nov 26) SRC=221.237.216.235 LEN=52 TTL=116 ID=4592 DF TCP DPT=1433 WINDOW=8192 SYN Unauthorised access (Nov 26) SRC=221.237.216.235 LEN=52 TTL=116 ID=663 DF TCP DPT=1433 WINDOW=8192 SYN Unauthorised access (Nov 26) SRC=221.237.216.235 LEN=52 TTL=116 ID=16853 DF TCP DPT=1433 WINDOW=8192 SYN	2019-11-27 06:44:33
185.62.188.218	attackbotsspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/185.62.188.218/ NL - 1H : (13) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : NL NAME ASN : ASN49349 IP : 185.62.188.218 CIDR : 185.62.188.0/24 PREFIX COUNT : 34 UNIQUE IP COUNT : 8704 ATTACKS DETECTED ASN49349 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 DateTime : 2019-11-26 23:57:01 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-27 07:17:48
94.130.92.61	attackbotsspam	[TueNov2623:57:06.2867202019][:error][pid964:tid47011403462400][client94.130.92.61:43286][client94.130.92.61]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"\\\\\\\\.sql\$"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"1288"][id"350590"][rev"2"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles$disablethisruleifyourequireaccesstofilesthatendwith.sql$"][severity"CRITICAL"][hostname"www.bluwater.ch"][uri"/exp.sql"][unique_id"Xd2twu1fzFCldH4LDsAH@AAAAZM"][TueNov2623:57:07.5456572019][:error][pid1029:tid47011297191680][client94.130.92.61:43474][client94.130.92.61]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"\\\\\\\\.sql\$"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"1288"][id"350590"][rev"2"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles$disablethisruleifyourequireaccesstofilesthatendwith.sql$"][severity"	2019-11-27 07:14:53

最近上报的IP列表

197.245.103.209	201.42.152.124	188.213.212.60	185.104.126.26
218.102.62.197	199.247.2.74	188.127.164.96	91.107.123.127
185.199.96.78	123.26.156.16	187.163.188.253	183.208.133.147
218.216.175.69	186.54.83.211	151.237.207.10	104.9.134.164
65.52.31.68	59.112.252.241	60.199.223.81	94.130.92.61